Exploit:JS/CVE-2013-2551.C


Microsoft security software detects and removes this threat.

This threat uses an Internet Explorer vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Internet Explorer.

The following Internet Explorer versions are vulnerable:

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10


What to do now

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other, hidden malware.

Update your software

It's also important to keep your other software up to date:

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

Threat in context

Exploit:JS/CVE-2013-2551.C is a detection for an exploit that uses the CVE-2013-2551 vulnerability to run code on a remote machine. This malware exploits Internet Explorer's COALineDashStyleArray class in the SVG VML component, using the use-after-free condition. It is normally served in a browser context.

What is an exploit?

Exploits are written to take advantage of weaknesses (or vulnerabilities) in legitimate software. A project called Common Vulnerabilities and Exposures (CVE) gives each vulnerability a unique number, in this case "CVE-2013-2551". 

You can find more information on the CVE website or on our page about exploits.

Payload

Downloads malware

This threat downloads and runs malicious programs.

We have seen it download variants from several malware families, including Win32/Simda, Win32/Urausy, Win32/Karagany, Win32/Reveton, and Win32/Sirefef.

This exploit is distributed by the following exploit kits: Fiesta, Angler, Magnitude, Nuclear, and others.

Analysis by Justin Kim


Symptoms

Alerts from your security software might be the only symptom.



Prevention


Alert level: Severe
First detected by definition: 1.161.1607.0
Latest detected by definition: 1.161.1996.0 and higher
First detected on: Nov 07, 2013
This entry was first published on: Sep 17, 2014
This entry was updated on: Oct 27, 2014

This threat is also detected as:
No known aliases